• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved How to update cURL on CentOS 7.9.2009 (Core) and Plesk Obsidian 18.0

raphael_suporte

Basic Pleskian
I have the following warning message on my WHMCS:

"You currently have version 7.29.0 of cURL installed. This version is known to have security issues. Update to the latest cURL and make sure it is greater than: last_bad_version."

...how can I solve? Since I already tried to update the cURL by running the command - yum update curl
 

Attachments

  • WHMCS-Status-do-Sistema.png
    WHMCS-Status-do-Sistema.png
    20.5 KB · Views: 17
Plesk does not provide the 'curl' package but depends on the 'curl' package shipped by the operating system vendor.

The only way to update the base cURL version is to use a 3rd-party repository. However, it may result in OS package manager malfunction, is not recommended by the OS vendor and should be applied at your own risk, since this operation is not managed by Plesk.

In case you still want to proceed with it, here are the steps (creating a server snapshot beforehand is strongly recommended):
  • Create a city-fan.org yum repository file:
    Code:
    # touch /etc/yum.repos.d/city-fan.repo
  • Open the created file /etc/yum.repos.d/city-fan.repo in any text editor and put the content below in it:
Code:
[CityFan]name=City Fan Repo
baseurl=http://www.city-fan.org/ftp/contrib/yum-repo/rhel$releasever/$basearch/
enabled=1
gpgcheck=0
  • Enable the EPEL repository:
    Code:
    # yum install epel-release -y
  • Rerun the update:
    Code:
    # yum install curl libcurl
  • Verify the version:
    Code:
    # curl --version
  • Restart all cURL dependent services:
Code:
# service sw-engine restart# service sw-cp-server restart
# service php-fpm restart
# service plesk-phpXX-fpm restart (replace XX with version)
# service httpd restart
# service nginx restart
 
One should hope that for centos, like debian, security patches are backported. So that warning might be misleading.
A hint of this would be if the package is much newer than the security advisory.
 
Plesk does not provide the 'curl' package but depends on the 'curl' package shipped by the operating system vendor.

The only way to update the base cURL version is to use a 3rd-party repository. However, it may result in OS package manager malfunction, is not recommended by the OS vendor and should be applied at your own risk, since this operation is not managed by Plesk.

In case you still want to proceed with it, here are the steps (creating a server snapshot beforehand is strongly recommended):
  • Create a city-fan.org yum repository file:
    Code:
    # touch /etc/yum.repos.d/city-fan.repo
  • Open the created file /etc/yum.repos.d/city-fan.repo in any text editor and put the content below in it:
Code:
[CityFan]name=City Fan Repo
baseurl=http://www.city-fan.org/ftp/contrib/yum-repo/rhel$releasever/$basearch/
enabled=1
gpgcheck=0
  • Enable the EPEL repository:
    Code:
    # yum install epel-release -y
  • Rerun the update:
    Code:
    # yum install curl libcurl
  • Verify the version:
    Code:
    # curl --version
  • Restart all cURL dependent services:
Code:
# service sw-engine restart# service sw-cp-server restart
# service php-fpm restart
# service plesk-phpXX-fpm restart (replace XX with version)
# service httpd restart
# service nginx restart


The URL provided is not working anymore. Do you know a different URL where I can get the update for cURL? Is anyone knows a different URL? Thank you
 
Back
Top